Miasma Worm Spreads From Red Hat Packages To Microsoft Repositories

A rapidly developing software supply chain attack known as Miasma is one of the latest to move from targeting Red Hat npm packages to infecting numerous Microsoft GitHub repositories.

Cloudsmith researchers described the Miasma attack, noting it began after the compromise of the GitHub account of a Red Hat employee, which enabled attackers to use the GitHub OIDC token to deploy malicious packages in the @redhat-cloud-services namespace. Over 30 such compromised packages have been published in the npm registry to facilitate credential, identity, and CI/CD secrets theft.

The worm has progressed past package poisoning. According to researchers, Miasma can infect code repositories and propagate itself via popular tools such as Claude Code, Gemini CLI, Visual Studio Code, and Cursor. Once activated, it will try to steal credentials, insert malicious workflows into repositories, and create persistence in development environments.

The damage caused by the operation was extensive. Up to 73...

Copyright of this story solely belongs to informationsecuritybuzz.com. To see the full text click HERE